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DETAILED ACTION 

1 . Claims 1-24 are pending in this office action. 

2. Applicant's arguments, filed January 24, 2008, have been considered and are 
persuasive. However, a new ground of rejection is made. 

Claim Rejections 

3. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior office action. 

Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for a patent. 

5. Claims 1-4, 20, 21 , 23, and 24 are rejected under 35 U.S.C. 102(a/e) as being 
anticipated by Lineman et al. (U.S. Patent Pub. No. 2003/0065942). 

Regarding claim 1 . Lineman et al. teaches a method/computer system 
comprising: 
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• Describing a plurality of password policies in a computer usable password policy 
data structure (fig. 6 A and 6B): 

• Accessing said computer usable password policy data structure by a password 
policy enforcement agent (paragraph 0083); and 

• Enforcing at least one of said plurality of password policies described within said 
password policy data structure by said password policy enforcement agent 
(paragraph 0095). 

Regarding claim 20 , Lineman et al. teaches instructions on a computer usable 
medium wherein the instructions when executed cause a computer system to 
perform a method of establishing a consistent password policy, said method 
comprising: 

• Describing a plurality of password policies in a computer usable password 
policy data structure (fig. 6A and 6B); 

• Providing an access point with access to said computer usable password 
policy data structure (paragraph 0083); and 

• Receiving feedback from a password policy enforcement agent associated 
with said access point about which of said plurality of password policies 
have been successfully enforced (paragraph 0095 and fig. 2, ref. num 84). 



Regarding claim 23 , Lineman et al. teaches a method/computer system 
comprising: 
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• Computer usable media comprising computer usable instructions that when 
executed on a processor of said first server computer implement a method of 
establishing a consistent password policy, said method comprising (fig. 6A and 
6B): 

• Accessing a computer usable password policy data structure by a password 
policy enforcement agent (paragraph 0083); and 

• Enforcing a password policy described within said password policy data structure 
by said password policy enforcement agent (paragraph 0095). 

Regarding claims 2 and 21 , Lineman et al. teaches wherein said computer 
usable password policy data structure comprises a file structure compatible with 
extensible markup language (fig. 6A and 6B). 

Regarding claim 3 , Lineman et al. teaches wherein said password policy 
enforcement agent is operable on a client computer of a client-server computer system 
(paragraph 0030 and fig. 1, ref. num 28). 



Regarding claims 4 and 24 , Lineman et al. teaches wherein said method is 
operable on a utility data center (fig. 1 ). 
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Regarding claim 5 , Lineman et al. teaches further comprising validating said 
computer usable password policy data structure for authenticity by said password policy 
enforcement agent (paragraph 0091 ). 

Claim Rejections - 35 USC § 103 

6. Claim 19 is rejected under 35 U.S.C. 103(a) as being unpatentable over Lineman 
etal. (U.S. Patent Pub. No. 2003/0065942) in view of Cole etal. (U.S. Patent Pub. No. 
2002/0161707). 

Regarding claim 19 , Lineman et al. teaches all the limitations of claim 1 , above. 
However, Lineman et al. does not teach further comprising providing, by said password 
policy enforcement agent, feedback to a configuration and aggregation point, about 
which of said plurality of password policies have been successfully enforced. 

Cole et al. teaches further comprising providing, by said password policy 
enforcement agent, feedback to a configuration and aggregation point, about which of 
said plurality of password policies have been successfully enforced (paragraph 0083). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine providing feedback for successful enforcement, as 
taught by Cole et al. , with the method of Lineman et al. It would have been obvious for 
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such modifications because feedback informs the user/administrator that the policy 
being enforced is working. 

Claims 5-18 and 22 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Lineman etal. (U.S. Patent Pub. No. 2003/0065942) in view of Password Policy of 
eRA (referred to as Password Policy hereinafter). 

Regarding claims 5-18 and 22 , Lineman et al. teaches all the limitations of claims 
1 and 20, above. However, Lineman et al. does not teach specific policy types. 

Password Policy teaches comprising a computer access password policy 
parameter selected from the set of computer access password policy parameters 
comprising: a threshold parameter for unsuccessful access attempts that when 
exceeded disables a computer system access account; a parameter indicating the a 
time duration within which said threshold parameter number of unsuccessful access 
attempts triggers locking of a computer system access account; an initial delay 
parameter to block access to a computer system access account for a period of time 
after an unsuccessful access attempt; a minimum password length parameter; a 
maximum password length parameter; a parameter to prohibit passwords consisting of 
a natural language word; a parameter to prohibit passwords consisting of a palindrome; 
a parameter to prohibit passwords consisting of a derivative of a computer system 
account name; a parameter to automatically generate a password; a parameter to 
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automatically generate a pronounceable password consistent with all of said plurality of 
password policies; and a parameter to specify a set of characters utilizable to 
automatically generate a password (page 2-4, section 5.0 through 5.5). 

It would have been obvious to one of ordinary skill in the art, at the time the 
invention was made, to combine a plurality of different password policies, as taught by 
Password Policy , with the method/computer system of Lineman et al. It would have 
been obvious for such modifications because the policies taught by Password Policy 
reduce the risk of unauthorized access to servers and databases (see page 1 , section 
1 .0 of Password Policy). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to BRANDON S. HOFFMAN whose telephone number is 
(571)272-3863. The examiner can normally be reached on M-F 8:30 - 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser G. Moazzami can be reached on 571-272-4195. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Brandon S Hoffman/ 

Primary Examiner, Art Unit 2136 



